Mirrors/libwebsockets
1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00
Code Issues Releases Wiki Activity

openssl: client: check wsi from openssl private data

Browse source 
v2.4 was patched to check NULL wsi in the verify callback,
nobody has reported it on later versions, but might as well
check it too.
This commit is contained in:
Andy Green 2019-04-03 08:04:48 +08:00
parent a92cf6533f
commit ede747f1bc
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
lib/tls/openssl/openssl-client.c
View file

@ -51,6 +51,12 @@ OpenSSL_client_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
SSL_get_ex_data_X509_STORE_CTX_idx());
wsi = SSL_get_ex_data(ssl,
openssl_websocket_private_data_index);
if (!wsi) {
lwsl_err("%s: can't get wsi from ssl privdata\n",
__func__);
return 0;
}
if ((err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) &&
@ -79,6 +85,11 @@ OpenSSL_client_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
SSL_get_ex_data_X509_STORE_CTX_idx());
wsi = SSL_get_ex_data(ssl, openssl_websocket_private_data_index);
if (!wsi) {
lwsl_err("%s: can't get wsi from ssl privdata\n", __func__);
return 0;
}
n = lws_get_context_protocol(wsi->context, 0).callback(wsi,
LWS_CALLBACK_OPENSSL_PERFORM_SERVER_CERT_VERIFICATION,